Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2014-0097

Опубликовано: 25 мая 2017
Источник: debian

Описание

The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
libspring-javanot-affectedpackage

Связанные уязвимости

ubuntu логотип

CVE-2014-0097

CVSS3: 7.3
ubuntu
больше 8 лет назад

The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password.

redhat логотип

CVE-2014-0097

redhat
почти 12 лет назад

The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password.

nvd логотип

CVE-2014-0097

CVSS3: 7.3
nvd
больше 8 лет назад

The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password.

github логотип

GHSA-gv9v-c375-hvmg

CVSS3: 7.3
github
больше 3 лет назад

Improper Authentication in Spring Security